Analysts are advising against using Microsoft's Internet Information Server (IIS) because of its multitude of vulnerabilities that viruses like Nimda and Code Red exploit.
The Gartner Group has advised enterprises that had not yet made web server decisions to "weigh security heavily and to evaluate other web server software offerings" rather than opting straight out for IIS.
And for those which have already opted for IIS and have been hit by Code Red or Nimda, Gartner suggests "immediately investigating alternatives to IIS, including moving web applications to web server software from other vendors, such as iPlanet and Apache".
John Pescatore, information security strategies analyst at Gartner, said the track record of IIS should prompt enterprises with web applications to rethink their choices and "start investigating less vulnerable web server products".
He explained that, while platforms such as Apache or iPlanet have also required security patches in the past, they "have much better security records than IIS and are not under active attack by the vast number of virus and worm writers".
Pescatore said that IIS, and most likely Microsoft's .Net service too, would continue to be under attack until its code base is completely rewritten - something he doesn't envisage happening until 2003.
"For Microsoft's vision of .Net and web services to succeed, Windows XP will have to be significantly more secure than Windows 2000 has proven to be; otherwise, Microsoft risks losing some enterprise business to more secure implementations of web services," he said.
Pescatore maintained that the same old buffer overflow problems appearing in beta Windows XP code raise doubts over the effectiveness of Microsoft's security assurance tools.
Gartner's research also concluded that, based on how easy it is to attack IIS web servers, "using internet-exposed IIS web servers securely has a high cost of ownership".
For users already on the IIS path, Gartner emphasises that all enterprises should, as a minimum, go through the security checklist and install all patches.
But the analyst also warned that "the constant need to deploy these patches continues to increase the total cost of ownership of IIS web servers and always leaves periods of vulnerability", suggesting that users will always be on their toes, and never quite watertight.
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse